Recently installed ZA Free and am getting Security Alerts saying:
the firewall has bloked Internet access to 192.168.58.114 (NetBIOS Session) from your computer (TCP Flags: S). Repeatedly as it tries hopelessly to make contact with the laptop in the next room. Is a home 192.168... network seen as 'Internet'??

I can find no means to free this blockage except follow the advice that I buy the Pro package. Is this so? Or is it just that I was too uncreative to look for the Help menu in the context menu of the System Tray icon, instead of across the top of the Zone Alarm item launched from the 'Start - All Programs - Zone Alarm' entry?

<hr>Zungu said:
Recently installed ZA Free and am getting Security Alerts saying:
the firewall has bloked Internet access to 192.168.58.114 (NetBIOS Session) from your computer (TCP Flags: S). Repeatedly as it tries hopelessly to make contact with the laptop in the next room. Is a home 192.168... network seen as 'Internet'??

I can find no means to free this blockage except follow the advice that I buy the Pro package. Is this so? Or is it just that I was too uncreative to look for the Help menu in the context menu of the System Tray icon, instead of across the top of the Zone Alarm item launched from the 'Start - All Programs - Zone Alarm' entry?

Normally the home network should not be seen as Internet. The initial New Network Found by the ZA should have been set as Trusted. But if the IP of the laptop is not entered as Truste, then the ZA Free will see it as Internet.
The file sharing or ICS in the ZA free is limited, but it can be done.
First make sure the ZA Trusted Zone Security slider is set to Medium not High. Next enter the IP of the laptop in the Zones of the Firewall as Trusted. The DHCP/gateway IP should also be entered as Trusted.
Enter both the DHCP/gateway IP and the desktop's IP as Trusted in the laptop (If using the ZA in the laptop). It should work now.

Open the ZA up and click the blue Help in the upper right or press F1, then the Help file will open up. It does have a search engine. But I suspect the Help is geared towards the paid versions.

Cheers, Oldsod

Message Edited by Oldsod on 01-26-2008 08:21 AM

January 26th, 2008

zungu

Re: Blocked access to my own computers??

Many thanks to both of you for quick and helpful responses.

'Zones' shows my NIC with the IP 'Address/Site' saying 192.168.58.113/255.255.255.0, being my main PC's IP and the networks subnet mask. It is the only item in the 'Internet' Zone. I don't recall being asked for the network address or I would have started it at ...1 (my DHCP range starts at 110, though, having had need for static addresses in the past).

ZA says that I am not allowed to edit an active NIC subnet (to bring it down to 192.168.58.1). 'Stop all Internet activity' doesn't release this restriction.

I see no point - except in desperation - in putting my machines' DHCP-generated IP addresses in the Zones.

DHCP server/Gateway - 192.168.58.1, a Linksys wired/wireless router - and external DNS servers are in the Trusted Zone. This is set to default 'Medium' and 'Internet' to 'High'.

The other 3 machines on the network don't have ZA on them.

January 26th, 2008

watcher

Re: Blocked access to my own computers??

Dear Zungu:

Assuming your router is using DHCP and assigning IP addresses to the LAN PCs, and the Local Area Connection or Wireless Network Connection IP Properties(depending upon whether you are using a wired or wireless connection to the router) is configured to obtain an IP address automatically, that part is out of the way.

For the zones, you should have a Entry Type=Network there somewhere. If, for some reason it is not being detected, create a subnet entry with 192.168.58.0/255.255.255.0 (network IP/subnet) and place it in the Trusted zone. This is a private IP address range(192.168.58.1-254), not routable on the Internet. You don't need to put the DHCP range as a separate entry. Also, because the Trusted zone has Medium security, it won't block file and printer sharing. You must have file and printer sharing enabled on all PCs, both on the NICs and in the operating system. If you use external DNS servers, that is correct for them to be placed there, Entry Type=IP Address, and placed in the Trusted zone. There should also be a Local Loopback Address entry, IP Address=127.0.0.1, Entry Type=IP Address, and Zone=Trusted.

Lastly, click Program Control panel, Programs tab, find the entry, Generic Host Process for Win32 Services, and change the permissions to the following:

Seems 'Trust level' is not part of this FreeZA, nor is 'Send mail'. I'm unsure about the 'Subnet' entry which is how I interpreted your advice. Is this right? The regular offending popups seem to have stopped but maybe I ticked the 'don't show me' button earlier. Can this be unticked?

January 27th, 2008

zaswing

Re: Blocked access to my own computers??

ZA free behaves slightly differently when it detects a network. It always reports 'Adapter subnet' and 192.168.58.113/255.255.255.0 as an example. That should be in the Trusted zone, as I gather it is.

They will not permit 192.168.58.0/255.255.255.0 as the paid users see. In paid versions, the normal entry, BTW, with a Linksys router is
192.168.1.0/255.255.255.0, and the router itself is 192.168.1.1, but I guess the subject router has that 58 designation somehow.

I don't see anything wrong in the picture other than make .113 Trusted if that's causing alert.

No, ZA free does not have the Trust level setting on the Programs list, nor Send mail.

Message Edited by zasuiteuser on 01-27-2008 11:21 PM

January 28th, 2008

watcher

Re: Blocked access to my own computers??

Dear zasuiteuser:

Thanks for the input.

I have a question. When you say ZAfree won't allow a network IP ending in a zero, does ZAfree put the router IP in then for the Adapter Subnet for private IP address ranges?

WATCHER

January 28th, 2008

zaswing

Re: Blocked access to my own computers??

WATCHER,
My information and screen shots are based on v5 and v6 for the free version. I haven't run ZA free version 7. One of these days!

The answer is NO.
It always calls it 'adapter subnet', and no zero at the end.
You have to add the router such as 192.168.1.1 and I usually just called it 'Router DHCP DNS'

WATCHER, I wonder if this locking it into a specific IP might not be related to free version not having internet connection sharing. I'm just not that well versed in networks, but your question got me thinking :)

For the firewall to permit sharing files with another computer, at least for me with some W2K machines, NetBIOS has to be on in the TCP/IP properties. That, in addition to putting it in the Trusted zone might solve the problem posed in the first post.

Message Edited by zasuiteuser on 01-28-2008 08:37 PM

January 29th, 2008

watcher

Re: Blocked access to my own computers??

Dear zasuiteuser:

Thanks for the info.

I'm confused as well here. Zungu's screenshot shows DHCP server(router) as 192.168.58.1. Yet, ZAfree is creating an
Entry Type=Adapter Subnet entry for IP 192.168.58.113. What is that entry for?

If Zungu's network won't work with the Entry Type=Subnet entry 192.168.58.0/255.255.255.0 created, then it would be necessary to create the entry for the router and a separate Entry Type=IP Range entry for the DHCP Pool addresses. That's assuming Zungu is using DHCP for all networked PCs. If Zungu is using static IP addresses for the networked PCs, then Oldsod's response about putting each networked PC's IP address in the Zones tab would be necessary. This is theoretical on my part as I don't use ZAfree either. That edition really scares me with how crippled an edition it is compared to ZAPRO which I use.

Re NetBIOS, according to MS Windows XP Professional Resource Kit, 3rd edition, in Local Area Connection or Wireless Network Connection properties, File and Printer Sharing for Microsoft Networks should be bound to the NIC to enable file sharing. The Server service should also be running on the PC(s)/servers hosting the shared files. If the DHCP server is running Windows NT server operating system, you would need the option, Enable NetBIOS over TCP/IP. Windows 2000 server, Windows Server 2003, and Windows XP don't. If your network was blended with both Windows NT servers and Windows 2000 servers or Windows Server 2003, then you would need the option as well.